allow_nets=local in passdb gets "auth: Panic"

SATOH Fumiyasu fumiyas at osstech.jp
Tue Jan 5 15:31:11 UTC 2016


At Mon, 4 Jan 2016 14:19:52 -0500,
Timo Sirainen wrote:
> > passdb {
> >  driver = ldap
> >  args = /etc/dovecot/dovecot-ldap.conf.ext
> >  default_fields = allow_nets=local,127.0.0.1,10.255.1.0/24
> > }
> > 
> > This triggers "auth: Panic" on POP3/IMAP logins as the below:
> > 
> > Dec 22 14:57:39 localhost dovecot: auth: ldap(u0000,::1,<oiF8SHYngqsAAAAAAAAAAAAAAAAAAAAB>): allow_nets: Invalid network 'local'
> > Dec 22 14:57:39 localhost dovecot: auth: Panic: file net.c: line 1137 (net_is_in_network): assertion failed: (IPADDR_IS_V6(ip) == IPADDR_IS_V6(net_ip))
> > 
> > `doveadm auth test <username> <password>` is no problem as expected.
> > 
> > What's wrong?
> 
> allow_nets can only contain IP/network ranges. You can't use any names like "local". Anyway, it still shouldn't crash. This fixes it:

Dovecot 2.2.15 has the following change:

        + passdb allow_nets=local matches lookups that don't contain an IP
          address (internally done by Dovecot services)

I use the "allow_nets=local" to allow administrtors to run
`doveadm auth test username`.  If allow_nets has no "local",
it is failed (rejected?). Is this a bug?

# doveadm auth test foobar
Password: correct-password
passdb: foobar auth failed
extra fields:
  user=foobar

> https://github.com/dovecot/core/commit/f53a1b98d6792a3aa28474fca0901b1de035f8ba

Thank you!

-- 
-- Name: SATOH Fumiyasu @ OSS Technology Corp. (fumiyas @ osstech co jp)
-- Business Home: http://www.OSSTech.co.jp/
-- GitHub Home: https://GitHub.com/fumiyas/
-- PGP Fingerprint: BBE1 A1C9 525A 292E 6729  CDEC ADC2 9DCA 5E1C CBCA


More information about the dovecot mailing list